Documentation ¶
Index ¶
Constants ¶
const ( // LoadCertInterval is the interval of reloading the certificate. The certificate should be rotated periodically. LoadCertInterval = 10 * time.Minute )
Token-based authentication is used in session migration. We don't use typical authentication because the proxy cannot store the user passwords for security issues.
The process of token-based authentication: 1. Before migrating the session, the proxy requires a token from server A. 2. Server A generates a token and signs it with a private key defined in the certificate. 3. The proxy authenticates with server B and sends the signed token as the password. 4. Server B checks the signature with the public key defined in the certificate and then verifies the token.
The highlight is that the certificates on all the servers should be the same all the time. However, the certificates should be rotated periodically. Just in case of using different certificates to sign and check, a server should keep the old certificate for a while. A server will try both the 2 certificates to check the signature.
Variables ¶
var ( // ErrCannotMigrateSession indicates the session cannot be migrated. ErrCannotMigrateSession = dbterror.ClassSession.NewStd(errno.ErrCannotMigrateSession) )
Functions ¶
func ReloadSigningCert ¶
func ReloadSigningCert()
ReloadSigningCert is used to load the certificate periodically in a separate goroutine. It's impossible to know when the old certificate should expire without this goroutine: - If the certificate is rotated a minute ago, the old certificate should be still valid for a while. - If the certificate is rotated a month ago, the old certificate should expire for safety.
func SetCertPath ¶
func SetCertPath(certPath string)
SetCertPath sets the path of key.pem and force load the certificate again.
func SetKeyPath ¶
func SetKeyPath(keyPath string)
SetKeyPath sets the path of key.pem and force load the certificate again.
func ValidateSessionToken ¶
ValidateSessionToken validates the token sent from the proxy.
Types ¶
type LastDDLInfo ¶
LastDDLInfo represents the information of last DDL. It's used to expose information for test purpose.
type PreparedStmtInfo ¶
type PreparedStmtInfo struct { Name string `json:"name,omitempty"` StmtText string `json:"text"` StmtDB string `json:"db,omitempty"` ParamTypes []byte `json:"types,omitempty"` }
PreparedStmtInfo contains the information about prepared statements, both text and binary protocols.
type QueryInfo ¶
type QueryInfo struct { TxnScope string `json:"txn_scope"` StartTS uint64 `json:"start_ts"` ForUpdateTS uint64 `json:"for_update_ts"` ErrMsg string `json:"error,omitempty"` }
QueryInfo represents the information of last executed query. It's used to expose information for test purpose.
type SessionStateType ¶
type SessionStateType int
SessionStateType is the type of session states.
const ( // StatePrepareStmt represents prepared statements. StatePrepareStmt SessionStateType = iota // StateBinding represents session SQL bindings. StateBinding )
These enums represents the types of session state handlers.
type SessionStates ¶
type SessionStates struct { UserVars map[string]*types.Datum `json:"user-var-values,omitempty"` UserVarTypes map[string]*ptypes.FieldType `json:"user-var-types,omitempty"` SystemVars map[string]string `json:"sys-vars,omitempty"` PreparedStmts map[uint32]*PreparedStmtInfo `json:"prepared-stmts,omitempty"` PreparedStmtID uint32 `json:"prepared-stmt-id,omitempty"` Status uint16 `json:"status,omitempty"` CurrentDB string `json:"current-db,omitempty"` LastTxnInfo string `json:"txn-info,omitempty"` LastQueryInfo *QueryInfo `json:"query-info,omitempty"` LastDDLInfo *LastDDLInfo `json:"ddl-info,omitempty"` LastFoundRows uint64 `json:"found-rows,omitempty"` FoundInPlanCache bool `json:"in-plan-cache,omitempty"` FoundInBinding bool `json:"in-binding,omitempty"` SequenceLatestValues map[int64]int64 `json:"seq-values,omitempty"` LastAffectedRows int64 `json:"affected-rows,omitempty"` LastInsertID uint64 `json:"last-insert-id,omitempty"` Warnings []stmtctx.SQLWarn `json:"warnings,omitempty"` // Define it as string to avoid cycle import. Bindings string `json:"bindings,omitempty"` }
SessionStates contains all the states in the session that should be migrated when the session is migrated to another server. It is shown by `show session_states` and recovered by `set session_states`.
type SessionToken ¶
type SessionToken struct { Username string `json:"username"` SignTime time.Time `json:"sign-time"` ExpireTime time.Time `json:"expire-time"` Signature []byte `json:"signature,omitempty"` }
SessionToken represents the token used to authenticate with the new server.
func CreateSessionToken ¶
func CreateSessionToken(username string) (*SessionToken, error)
CreateSessionToken creates a token for the proxy.